diff options
3 files changed, 22 insertions, 4 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 925d6fe2..abb3d685 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -560,7 +560,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { if (first != null && first.isProcessInIframe()) { return guiConfigFactory.getDefaultIFrameParentHopGui(first, - "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, errorId); } @@ -571,7 +571,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { String redirectUrl = null; redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; return redirectUrl; diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 4ff41836..6a566f00 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -52,8 +52,10 @@ import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; @Controller public class ProtocolFinalizationController extends AbstractController { private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class); - public static final String ENDPOINT_FINALIZEPROTOCOL = "finalizeAuthProtocol"; - public static final String ENDPOINT_ERRORHANDLING = "errorHandling"; + public static final String ENDPOINT_FINALIZEPROTOCOL = + EaafConstants.ENDPOINT_PREFIX_SECURED + "/finalizeAuthProtocol"; + public static final String ENDPOINT_ERRORHANDLING = + EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorHandling"; @Autowired(required = true) IRequestStorage requestStorage; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java index 1bbfe1b7..82749b81 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java @@ -27,6 +27,22 @@ public class EaafConstants { public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8"; + // common http end-point prefixes + /** + * Public end-points without any access restriction. + */ + public static final String ENDPOINT_PREFIX_PUBLIC = "/public"; + + /** + * Public end-points with access restriction, like AccessToken, PendingRequestIds, ... + */ + public static final String ENDPOINT_PREFIX_SECURED = "/public/secure"; + + /** + * Non public end-points that allow restriction on network level. + */ + public static final String ENDPOINT_PREFIX_RESTRICTED = "/restricted"; + // http request parameters for process management public static final String PARAM_HTTP_TARGET_PENDINGREQUESTID = "pendingid"; public static final String PARAM_HTTP_ERROR_CODE = "errorid"; |